CVE-2020-14966
- EPSS 0.28%
- Veröffentlicht 22.06.2020 12:15:10
- Zuletzt bearbeitet 21.11.2024 05:04:31
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signa...
CVE-2020-14967
- EPSS 0.34%
- Veröffentlicht 22.06.2020 12:15:10
- Zuletzt bearbeitet 21.11.2024 05:04:32
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error)....
CVE-2020-14968
- EPSS 0.55%
- Veröffentlicht 22.06.2020 12:15:10
- Zuletzt bearbeitet 21.11.2024 05:04:32
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as v...